Target probe eyes overseas hackers; stolen cards for sale online

Comments (12)
MikeBarnett wrote:

The advantage for Target is that credit lines for most cards are about $5000, so Target stores can report sales of $200 billion plus the legitimate sales for a very merry Christmas shopping season. This comes at a time when Christmas started with one shopping weekend less than normal, and two weekends were lost to ice and snow. These hackers will be able to give Target extremely high sales figures although profit margins after all of the legal issues are resolved may be much lower than Target would prefer. Merry Christmas and a happy ho! ho! ho!

Dec 19, 2013 7:32pm EST
MissDolittle wrote:

“It was not immediately clear what percent of the transactions at its brick and mortar stores had been compromised but the company said its online business had not been affected.”

Dec 19, 2013 9:05pm EST
patsy50 wrote:

ccccccccccccc

Dec 20, 2013 6:12am EST
wolf364 wrote:

This has all the makings of an APT (advanced persistent attack). Difficult to detect since it starts months prior with the attackers gaining access to the system without detection. Once inside the systems they will do some small recon and determine what within the system they can compromise. Apparently, the brick and mortar portion of Target’s credit card system is separate from their online credit card system, which is a good security set-up. However, it appears the attackers were able to gain access to the brick and mortar system and launched the attack at the most opportune time. Target did not have any internal alerts or flags set up in their system to detect when the attack started, and it was the third party processor who identified the trend within the data that these transactions were occurring with only those cards that had been processed through Target. The third party processor has a pretty good handle on identifying the trend, although it did take them a number of days/weeks to alert Target. Also, some credit should be given to Target, in that they did properly segment their online system and it was not compromised. It should now look at the security controls over the online system and determine what differences exist between the online and brick and mortar systems and make the appropriate changes.

Dec 20, 2013 9:01am EST
suezz wrote:

It is no wonder because the POS computers are Windows.

Windows OS should be banned period. It is nothing but a single machine gaming OS that was never meant to be networked.

Dec 20, 2013 3:40pm EST
AlkalineState wrote:

The NSA has no idea who stole 40 million credit card numbers and account profiles from a single retailer, over a 20 day period? They say they have to comb our emails and phone calls and browsing activity daily, so that they can keep us all safe….. but this one slipped past them?

Useless. Dismantle. Burn them.

Dec 20, 2013 4:29pm EST
Eccohawk wrote:

There are multiple errors in your line of thinking here, so I’ll start by addressing a couple of the most egregious ones.

Firstly, the NSA has nothing to do with Corporate espionage cases or financial fraud investigations. Domestic investigations that have international implications are performed by the FBI and/or the Secret Service, as well as local and regional authorities.

Secondly, someone who is stealing 40 million credit card numbers isn’t finding them in phone calls and emails and internet browsing activity. These types of attacks are sophisticated, targeted, and stealthy. Attackers can sometimes spend months or years infiltrating and learning about the internal networks of these large corporations before doing anything malicious.

Third, corporate breaches like this happen far more often than you might realize, especially in recent years. Much of this has to do with outdated equipment, unpatched systems, lax security policies, and a lack of budget, both financially and personnel-wise, applied by these corporations.

In addition, attackers only need to find a single way in, whereas security engineers need to find and protect every single possible way in. Add to that the emergence of more advanced threats, 0-day attacks, and the general non-security focused personnel that make up 90%+ of your typical corporate workforce, some of whom are more than happy to use simple passwords and click on untrusted links in their email, and you’ve got a lot to keep tabs on.

Dec 20, 2013 5:01pm EST
gregbrew56 wrote:

So Target was the target of a targeted attack?

Dec 20, 2013 6:29pm EST
AlkalineState wrote:

“We have narrowed it down to overseas hackers. With possible help from underseas hackers. In scuba gear. And something from Pinterest called ‘8 kitchen hacks for the holiday season’.”

Good leads.

Dec 20, 2013 7:25pm EST
xyz2055 wrote:

Well said Eccohawk!

Dec 20, 2013 7:47pm EST
MikeB2014 wrote:

If you or anyone you know was a victim of the Target Debit Card Scam, please visit my website at targetcardclassaction.com. You will be asked to provide some important information which will remain confidential between you and a class action attorney. Thanks.

Dec 26, 2013 11:46am EST